6 files changed, 93 insertions, 28 deletions

diff --git a/lib/public_key/asn1/PKCS-8.asn1 b/lib/public_key/asn1/PKCS-8.asn1
index 8412345b68..292a7b2029 100644
--- a/lib/public_key/asn1/PKCS-8.asn1
+++ b/lib/public_key/asn1/PKCS-8.asn1
@@ -26,7 +26,7 @@ BEGIN
 
 -- This import is really unnecessary since ALGORITHM-IDENTIFIER is defined as a 
 -- TYPE-IDENTIFIER
--- Renome this import and replace all occurences of ALGORITHM-IDENTIFIER with
+-- Rename this import and replace all occurrences of ALGORITHM-IDENTIFIER with
 -- TYPE-IDENTIFIER as a workaround for weaknesses in the ASN.1 compiler
 --AlgorithmIdentifier, ALGORITHM-IDENTIFIER
 --        FROM PKCS5v2-0 {iso(1) member-body(2) us(840) rsadsi(113549)
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index a34c9de76b..2300ce3937 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -5,7 +5,7 @@
   <header>
     <copyright>
       <year>2008</year>
-      <year>2017</year>
+      <year>2016</year>
       <holder>Ericsson AB, All Rights Reserved</holder>
     </copyright>
     <legalnotice>
@@ -331,13 +331,16 @@
   </func>   
   
   <func>
-    <name>generate_key(Params) -> {Public::binary(), Private::binary()}  | #'ECPrivateKey'{} </name>
+    <name>generate_key(Params) -> {Public::binary(), Private::binary()}  | #'ECPrivateKey'{} | {#'RSAPublicKey'{}, #'RSAPrivateKey'{}}</name>
     <fsummary>Generates a new keypair.</fsummary>
     <type>
-      <v>Params = #'DHParameter'{} |  {namedCurve, oid()} |  #'ECParameters'{}</v>
+      <v>Params = #'DHParameter'{} |  {namedCurve, oid()} |  #'ECParameters'{} 
+      | {rsa, Size::integer(), PubExp::integer} </v>
     </type>
   <desc>
-    <p>Generates a new keypair.</p>
+    <p>Generates a new keypair. See also
+    <seealso marker="crypto:crypto#generate_key/2">crypto:generate_key/2</seealso>
+    </p>
   </desc>
   </func>
 
diff --git a/lib/public_key/src/public_key.app.src b/lib/public_key/src/public_key.app.src
index 88ef07c5a6..dbd732c384 100644
--- a/lib/public_key/src/public_key.app.src
+++ b/lib/public_key/src/public_key.app.src
@@ -14,7 +14,7 @@
    {applications, [asn1, crypto, kernel, stdlib]},
    {registered, []},
    {env, []},
-   {runtime_dependencies, ["stdlib-2.0","kernel-3.0","erts-6.0","crypto-3.3",
+   {runtime_dependencies, ["stdlib-2.0","kernel-3.0","erts-6.0","crypto-3.8",
 			   "asn1-3.0"]}
    ]
 }.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 730f90e745..8f185bbbd4 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2017. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2016. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -395,9 +395,15 @@ dh_gex_group(Min, N, Max, Groups) ->
     pubkey_ssh:dh_gex_group(Min, N, Max, Groups).
 
 %%--------------------------------------------------------------------
--spec generate_key(#'DHParameter'{} | {namedCurve, Name ::oid()} |
-		   #'ECParameters'{}) -> {Public::binary(), Private::binary()} |
-					    #'ECPrivateKey'{}.
+-spec generate_key(#'DHParameter'{}) ->
+                          {Public::binary(), Private::binary()};
+                  ({namedCurve, Name ::oid()}) ->
+                          #'ECPrivateKey'{};
+                  (#'ECParameters'{}) ->
+                          #'ECPrivateKey'{};
+                  ({rsa, Size::pos_integer(), PubExp::pos_integer()}) ->
+                          {#'RSAPublicKey'{}, #'RSAPrivateKey'{}}.
+
 %% Description: Generates a new keypair
 %%--------------------------------------------------------------------
 generate_key(#'DHParameter'{prime = P, base = G}) ->
@@ -405,7 +411,49 @@ generate_key(#'DHParameter'{prime = P, base = G}) ->
 generate_key({namedCurve, _} = Params) ->
     ec_generate_key(Params);
 generate_key(#'ECParameters'{} = Params) ->
-    ec_generate_key(Params).
+    ec_generate_key(Params);
+generate_key({rsa, ModulusSize, PublicExponent}) ->
+    case crypto:generate_key(rsa, {ModulusSize,PublicExponent}) of
+        {[E, N], [E, N, D, P, Q, D_mod_P_1, D_mod_Q_1, InvQ_mod_P]} ->
+            Nint = crypto:bytes_to_integer(N),
+            Eint = crypto:bytes_to_integer(E),
+            {#'RSAPublicKey'{modulus = Nint,
+                             publicExponent = Eint},
+             #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
+                              modulus = Nint,
+                              publicExponent = Eint,
+                              privateExponent = crypto:bytes_to_integer(D),
+                              prime1 = crypto:bytes_to_integer(P),
+                              prime2 = crypto:bytes_to_integer(Q),
+                              exponent1 = crypto:bytes_to_integer(D_mod_P_1),
+                              exponent2 = crypto:bytes_to_integer(D_mod_Q_1),
+                              coefficient = crypto:bytes_to_integer(InvQ_mod_P)}
+            };
+
+        {[E, N], [E, N, D]} -> % FIXME: what to set the other fields in #'RSAPrivateKey'?
+                               % Answer: Miller [Mil76]
+                               %   G.L. Miller. Riemann's hypothesis and tests for primality.
+                               %   Journal of Computer and Systems Sciences,
+                               %   13(3):300-307,
+                               %   1976.
+            Nint = crypto:bytes_to_integer(N),
+            Eint = crypto:bytes_to_integer(E),
+            {#'RSAPublicKey'{modulus = Nint,
+                             publicExponent = Eint},
+             #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
+                              modulus = Nint,
+                              publicExponent = Eint,
+                              privateExponent = crypto:bytes_to_integer(D),
+                              prime1 = '?',
+                              prime2 = '?',
+                              exponent1 = '?',
+                              exponent2 = '?',
+                              coefficient = '?'}
+            };
+
+        Other ->
+            Other
+    end.
 
 %%--------------------------------------------------------------------
 -spec compute_key(#'ECPoint'{} , #'ECPrivateKey'{}) -> binary().
@@ -1110,19 +1158,16 @@ do_pkix_crls_validate(OtpCert, [{DP, CRL, DeltaCRL} | Rest],  All, Options, Revo
     end.
 
 sort_dp_crls(DpsAndCrls, FreshCB) ->
-    Sorted = do_sort_dp_crls(DpsAndCrls, dict:new()),
-    sort_crls(Sorted, FreshCB, []).
-
-do_sort_dp_crls([], Dict) ->
-    dict:to_list(Dict);
-do_sort_dp_crls([{DP, CRL} | Rest], Dict0) ->
-    Dict = try dict:fetch(DP, Dict0) of
-	       _ ->
-		   dict:append(DP, CRL, Dict0)
-	   catch _:_ ->
-		   dict:store(DP, [CRL], Dict0)
-	   end,
-    do_sort_dp_crls(Rest, Dict).
+    sort_crls(maps:to_list(lists:foldl(fun group_dp_crls/2,
+                                       #{},
+                                       DpsAndCrls)),
+              FreshCB, []).
+
+group_dp_crls({DP,CRL}, M) ->
+    case M of
+        #{DP := CRLs} -> M#{DP := [CRL|CRLs]};
+        _ -> M#{DP => [CRL]}
+    end.
 
 sort_crls([], _, Acc) ->
     Acc;
@@ -1201,8 +1246,11 @@ ec_curve_spec( #'ECParameters'{fieldID = FieldId, curve = PCurve, base = Base, o
 	     FieldId#'FieldID'.parameters},
     Curve = {PCurve#'Curve'.a, PCurve#'Curve'.b, none},
     {Field, Curve, Base, Order, CoFactor};
-ec_curve_spec({namedCurve, OID}) ->
-    pubkey_cert_records:namedCurves(OID).
+ec_curve_spec({namedCurve, OID}) when is_tuple(OID), is_integer(element(1,OID)) ->
+    ec_curve_spec({namedCurve,  pubkey_cert_records:namedCurves(OID)});
+ec_curve_spec({namedCurve, Name}) when is_atom(Name) ->
+    crypto:ec_curve(Name).
+
 
 ec_key({PubKey, PrivateKey}, Params) ->
     #'ECPrivateKey'{version = 1,
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index 3dab70784c..00be7dd5b3 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -346,10 +346,24 @@ make_key(ec, _Opts) ->
 %% RSA key generation  (OBS: for testing only)
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
+gen_rsa2(Size) -> 
+    try
+        %% The numbers 2048,17 is choosen to not cause the cryptolib on
+        %% FIPS-enabled test machines be mad at us.
+        public_key:generate_key({rsa, 2048, 17})
+    of
+        {_Public, Private} -> Private
+    catch
+        error:notsup ->
+            %% Disabled dirty_schedulers => crypto:generate_key not working
+            weak_gen_rsa2(Size)
+    end.
+
+
 -define(SMALL_PRIMES, [65537,97,89,83,79,73,71,67,61,59,53,
 		       47,43,41,37,31,29,23,19,17,13,11,7,5,3]).
 
-gen_rsa2(Size) ->
+weak_gen_rsa2(Size) ->
     P = prime(Size),
     Q = prime(Size),
     N = P*Q,
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 80895ce97c..68aa152911 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2017. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2016. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.